OWASP Top 10 for AI/LLM Applications (2025)
| Risk | Description | Mitigation Strategy |
|---|---|---|
| LLM01: Prompt Injection | Manipulating model inputs to alter behavior | Input sanitization, prompt templates, output validation |
| LLM02: Sensitive Information Disclosure | Model leaks training data or secrets | Data sanitization, output filtering, access controls |
| LLM03: Supply Chain | Compromised training data/models | Vendor assessment, model verification, provenance tracking |
| LLM04: Data Poisoning | Malicious training data injection | Data validation, model monitoring, retraining controls |
| LLM05: Improper Output Handling | Unsafe output processing | Output encoding, validation, sandbox execution |
| LLM06: Excessive Agency | Over-privileged AI systems | Least privilege, approval workflows, scope limitations |
| LLM07: System Prompt Leakage | Exposing system instructions | Prompt protection, monitoring, access controls |
| LLM08: Vector Weaknesses | ML model vulnerabilities | Adversarial testing, input validation, model hardening |
| LLM09: Misinformation | AI-generated false information | Fact-checking, source attribution, confidence scoring |
| LLM10: Unbounded Consumption | Resource exhaustion | Rate limiting, cost controls, request validation |
Found this useful? Share it:
Share on LinkedIn